CVE-2024-25635

CVSS 3.1 Score 8.8 of 10 (high)

Details

Published Feb 19, 2024
Updated: Feb 20, 2024
CWE ID 612

Summary

CVE-2024-25635 is a vulnerability affecting the alf.io open source ticket reservation system. Prior to version 2.0-Mr-2402, the system allowed organization owners to access the API key and user details of other organization owners through the `http://192.168.26.128:8080/admin/api/users/<user_id>` endpoint. This issue exposed not only the user details but also the API key, which was sometimes incorporated into the usernames. This vulnerability has been addressed in version 2.0-M4-2402.

Ligh bulbPrevent cyber attacks with Recorded Future by prioritizing and patching critical vulnerabilities being exploited by threat actors targeting your industry. Book your demo to learn more.

Share